For those using Windows Vista, what built-in security features are you using?

* Also, please provide your Windows Vista version(s) *

* Windows Vista Home Premium SP1 *

Windows Firewall - For inbound, I have no exceptions. For outbound, I use the free Sphinx-Soft Vista Firewall Control Application Protection. This is not built-in, but makes Vista's outbound capabilities more accessible. (Not unlike Firestarter and Lokkit for iptables in Linux.)
Windows Update - Set to "Automatic" with "Notify but do not download or install"; I usually apply updates when notified
Software DEP - Set to "All programs and services except those I select" (I have no exceptions)
Parental Controls - Set to default-deny for *.exe files; Monitor allowed and blocked executables; Monitor web sites visited
Microsoft Windows Defender - All real-time protection features are enabled (I must admit that I like the services/driver installation notification, program start on system startup notification and option to permit/deny); Infrequent scans
IE 7 Protected Mode - Enabled, but I use a 3rd party web browser with 3rd party application virtualization software
Other Vista Security - Tweaking; I disabled some services (via services.msc): "Computer Browser", "Remote Registry", "Server", "Smart Card", "Smart Card Removal Policy", "SSDP Discovery", "TCP/IP NetBIOS Helper", "Terminal Services", "Terminal Services Configuration", "UPnP Device Host", "WebClient" and "Windows Remote Management"; set to "Disable TCP/IP over NetBIOS" in network connections; Disabled "Remote Assistance"

Vista 32 Ultimate

Automatic updates (Download but don't install)
Software Restriction Policy
UAC
DEP
Windows services
IE7 Protected Mode the few times I use it.

Vista Ultimate SP1

Windows Firewall
UAC
Windows Update (notify)
Software DEP (All programs)
Windows Defender (on)

Windows Firewall
Windows Firewall with Advanced Security
Windows Update
User Account Control
DEP
IE7 is my only browser and has Protected Mode enabled
Other tweaking

Using Windows Vista Home Premium with Service Pack 1. I am too young to have kids, but I find parental control very useful and have intentions to use it in future. I would also use Software Restriction Policy if I had Ultimate or Business editions, and I'd use a Standard user account if someone else used my PC (but for now the laptop which has Vista is my personal one).

Microsoft has placed 'default deny' in what they refer to as "Parental Controls". This is especially true for Vista Home Basic and Home Premium. Unfortunately, this means that a lot of adults will probably not use it. However, Microsoft did well to include this capability in Windows Vista.

Here is a link that has been posted here at Wilders before, but I am posting it again as it is very good:

http://www.ranum.com/security/computer_security/editorials/dumb/

"The Six Dumbest Ideas in Computer Security

"#1) Default Permit

"This dumb idea crops up in a lot of different forms; it's incredibly persistent and difficult to eradicate. Why? Because it's so attractive. Systems based on "Default Permit" are the computer security equivalent of empty calories: tasty, yet fattening.

"The most recognizable form in which the "Default Permit" dumb idea manifests itself is in firewall rules. Back in the very early days of computer security, network managers would set up an internet connection and decide to secure it by turning off incoming telnet, incoming rlogin, and incoming FTP. Everything else was allowed through, hence the name "Default Permit." This put the security practitioner in an endless arms-race with the hackers. Suppose a new vulnerability is found in a service that is not blocked - now the administrators need to decide whether to deny it or not, hopefully, before they got hacked. A lot of organizations adopted "Default Permit" in the early 1990's and convinced themselves it was OK because "hackers will never bother to come after us." The 1990's, with the advent of worms, should have killed off "Default Permit" forever but it didn't. In fact, most networks today are still built around the notion of an open core with no segmentation. That's "Default Permit."

"Another place where "Default Permit" crops up is in how we typically approach code execution on our systems. The default is to permit anything on your machine to execute if you click on it, unless its execution is denied by something like an antivirus program or a spyware blocker. If you think about that for a few seconds, you'll realize what a dumb idea that is. On my computer here I run about 15 different applications on a regular basis. There are probably another 20 or 30 installed that I use every couple of months or so. I still don't understand why operating systems are so dumb that they let any old virus or piece of spyware execute without even asking me. That's "Default Permit."

"A few years ago I worked on analyzing a website's security posture as part of an E-banking security project. The website had a load-balancer in front of it, that was capable of re-vectoring traffic by URL, and my client wanted to use the load-balancer to deflect worms and hackers by re-vectoring attacks to a black hole address. Re-vectoring attacks would have meant adopting a policy of "Default Permit" (i.e.: if it's not a known attack, let it through) but instead I talked them into adopting the opposite approach. The load-balancer was configured to re-vector any traffic not matching a complete list of correctly-structured URLs to a server that serves up image data and 404 pages, which is running a special locked-down configuration. Not surprisingly, that site has withstood the test of time quite well.

"One clear symptom that you've got a case of "Default Permit" is when you find yourself in an arms race with the hackers. It means that you've put yourself in a situation where what you don't know can hurt you, and you'll be doomed to playing keep ahead/catch-up.

"The opposite of "Default Permit" is "Default Deny" and it is a really good idea. It takes dedication, thought, and understanding to implement a "Default Deny" policy, which is why it is so seldom done. It's not that much harder to do than "Default Permit" but you'll sleep much better at night.

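The load-balancer policy described in the quoted essay, sketched as an added example (not part of the post above or of the essay): a blocklist router and an allowlist router run over the same constructed requests. The route table, signature list, pool names and sample requests are all assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit

APP, SINK = "app-pool", "locked-down-404"   # hypothetical backend names

# Default deny: the complete list of correctly-structured URLs (constructed).
ALLOWED_ROUTES = [
    ("GET",  re.compile(r"/")),
    ("GET",  re.compile(r"/accounts/[0-9]{1,10}")),
    ("GET",  re.compile(r"/static/[a-z0-9_-]{1,64}\.(css|js|png)")),
    ("POST", re.compile(r"/login")),
]
# Query strings must be plain key=value pairs from a narrow alphabet.
PAIR = r"[a-z]{1,16}=[A-Za-z0-9]{1,32}"
ALLOWED_QUERY = re.compile(rf"{PAIR}(&{PAIR})*")

# Default permit: signatures for attacks somebody already knows about.
KNOWN_BAD = [re.compile(r"\.\./"), re.compile(r"(?i)<script")]

def route_default_permit(method, url):
    """Blocklist: anything that matches no known signature reaches the app."""
    return SINK if any(sig.search(url) for sig in KNOWN_BAD) else APP

def route_default_deny(method, url):
    """Allowlist: only an exact method + path + query shape reaches the app."""
    parts = urlsplit(url)
    if parts.query and not ALLOWED_QUERY.fullmatch(parts.query):
        return SINK
    for allowed_method, pattern in ALLOWED_ROUTES:
        if method == allowed_method and pattern.fullmatch(parts.path):
            return APP
    return SINK   # everything else goes to the 404 server

SAMPLE_REQUESTS = [                      # constructed for this example
    ("GET", "/accounts/1042"),           # normal traffic
    ("GET", "/accounts/1042?view=full"), # normal traffic with a query
    ("GET", "/static/../../boot.ini"),   # matches a known signature
    ("GET", "/accounts/1042;export"),    # malformed, but no signature exists
    ("DELETE", "/accounts/1042"),        # method the site never uses
]

def compare(requests=SAMPLE_REQUESTS):
    """Return (method, url, blocklist decision, allowlist decision) rows."""
    return [(m, u, route_default_permit(m, u), route_default_deny(m, u))
            for m, u in requests]

if __name__ == "__main__":
    for method, url, permit, deny in compare():
        print(f"{method:6} {url:28} permit->{permit:16} deny->{deny}")
```

The last two sample requests are the point: the blocklist forwards them to the application because nobody has written a signature for them yet, while the allowlist sends them to the 404 server without needing to know what they are.
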
Windows Vista Home Premium SP1 x64 OEM.

Windows Firewall - inbound only, no manual settings.
Windows Update - automatic, though I check occasionally for optional updates.
IE 7 Protected Mode - I use x64 version mostly, I use x32 version only for flash, also IE7Pro x32 & x64 versions.
Hardware DEP - standard only, because Vista refuses to delete exceptions and it causes more problems with applications than it is worth.
Other Vista Security - the same services you posted disabled, CCleaner and HijackThis to clean up junk, CureIt for check up, OpenDNS servers.

I started learning the Windows Firewall outgoing control options. So far so good. It seems not that difficult, so one more thing for me: Windows Firewall with Advanced Security